tcg: Enforce single page access in probe_write()

Let's enforce the interface restriction. Signed-off-by: David Hildenbrand <david@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20190826075112.25637-5-david@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
author: David Hildenbrand <david@redhat.com> 2019-08-26 09:51:09 +0200
committer: Richard Henderson <richard.henderson@linaro.org> 2019-09-03 08:34:18 -0700
commit: ca86cf328ce216bb304bbf09a43614613f945d86 (patch)
tree: 31f4bc4fb7bcedc2d382148aaf9dde61073fd05a /accel/tcg/user-exec.c
parent: 59e96ac6cb13951dd09afc70622858089abf3384 (diff)
download: qemu-ca86cf328ce216bb304bbf09a43614613f945d86.zip
qemu-ca86cf328ce216bb304bbf09a43614613f945d86.tar.gz
qemu-ca86cf328ce216bb304bbf09a43614613f945d86.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index 86e6827..625c33f 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -191,6 +191,8 @@ static inline int handle_cpu_signal(uintptr_t pc, siginfo_t *info,
 void probe_write(CPUArchState *env, target_ulong addr, int size, int mmu_idx,
                  uintptr_t retaddr)
 {
+    g_assert(-(addr | TARGET_PAGE_MASK) >= size);
+
     if (!guest_addr_valid(addr) ||
         page_check_range(addr, size, PAGE_WRITE) < 0) {
         CPUState *cpu = env_cpu(env);
author	David Hildenbrand <david@redhat.com>	2019-08-26 09:51:09 +0200
committer	Richard Henderson <richard.henderson@linaro.org>	2019-09-03 08:34:18 -0700
commit	ca86cf328ce216bb304bbf09a43614613f945d86 (patch)
tree	31f4bc4fb7bcedc2d382148aaf9dde61073fd05a /accel/tcg/user-exec.c
parent	59e96ac6cb13951dd09afc70622858089abf3384 (diff)
download	qemu-ca86cf328ce216bb304bbf09a43614613f945d86.zip qemu-ca86cf328ce216bb304bbf09a43614613f945d86.tar.gz qemu-ca86cf328ce216bb304bbf09a43614613f945d86.tar.bz2